I am currently working on a react application, and have a database of customer information. I want to turn that information into accounts, and was wondering if Firebase will work for this? I don't want to have to store passwords, or deal with accounts, so I just want current customers to be able to log in with google / facebook. Will Firebase be able to link into my current PostgreSQL db, or how would that work?
There are NPM modules for this that I have been looking into, however I was wondering if Firebase is a better option for this. Also, what would the limitations of a free Firebase account be?
Firebase Authentication has no built-in connection to PostgreSQL.
But if you have a trusted environment where you can run code (like your development machine, a server you control, or Cloud Functions for Firebase), you can use the Firebase Admin SDK to verify the token from Firebase Authentication. For more on this approach, see the Firebase documentation on verifying ID tokens.
Related
I am looking to fetch lastSignInTime for all users by using the UID of the users.
I am using react.js
I have attached a screenshot of it so that you will have an idea of what I am looking for.
Hope, you guys help me out with this.
There is no way to access profile information about other users than yourself from within the client-side SDKs of Firebase Authentication.
If you need such information in your app, the two main options are:
Write the information to a cloud-based database (such as Firebase's own Realtime Database or Firestore) when they sign in, and read it from there.
Use the Admin SDK to access this information for all users in a trusted environment, such as a server you control or Cloud Functions. From there you can then expose the information to your ReactJS application as a custom API.,
In both cases, be sure to take care of securing access to the information, by limiting the amount of data you expose and who can access it.
Im watching this tutorial that uses the firebase client library in cloud functions to authenticate users. I am starting to doubt wether this is the right approach. Should I do all the authentication in the react app instead? The tutorial explains that the benefit of doing everything server side is that it decreases the amount of things the user has to download to run the application.
That being said, Im having difficulty getting the client library to work with typescript which makes me just want to scrap it. How should I proceed?
It is generally better practice to host authentication (and especially authentication logic) in the back-end, if not for performance, definitely for security reasons.
That said, you can avoid using cloud functions for this authentication with firebase! Here is an alternative super simple video tutorial you may like instead from Fireship: https://www.youtube.com/watch?v=zQyrwxMPm88. The Google Firebase YouTube channel also has many videos on the subject.
Cloud functions are useful for when you want parallel action to be taken in the back-end during or after login, while the useAuthState() react hook is great for when you want parallel action to be taken in the front-end during or after login.
so my view on the best approach to solve this on Firebase is to either:
A) Use the Auth Firebase SDK for your client to create users and sign in users,
B) Do it with the Auth REST API
The end result is the same, you get your users into Firebase and you can sign them in and get their auth tokens. The SDK runs on the client, the REST API runs on the server. Once that's done, you can use the user token and pass it to cloud functions to do whatever you need and check the token validity and permissions server side.
On the cloud functions you're supposed to use the Admin SDK, not the client SDK. And the admin SDK has all privileges. For a more specific reason why you SHOULD NOT use the client SDK on cloud functions, is because it keeps state. So 2 users calling your cloud functions, using the client sdk server side, would result in the same user token, which is an error.
I hope I've solved your problem?
im maintaining an older react web-app that uses a firebase realtime-database to store its data. I want to restrict the access to the database, so that only my react app can read from and write into the database. Is there a way to set up an admin-like login (kinda like with sql-databases) to authenticate my application?
I don't want to authenticate other users or enable them to register, I just want to ensure that only the web-app can edit and modify the database.
I've tried to experiment with the firebase authentication-methods but they don't seem to be what im looking for.
Thanks in advance!
I don't want to authenticate other users or enable them to register, I just want to ensure that only the web-app can edit and modify the database.
That's not possible. The only way to control access to a Realtime Database instance (while allowing direct access from web and mobile clients) is using Firebase Authentication to identify users, in combination with security rules that determine which users can access which data. Otherwise, anyone with an internet connection will be able to read or write the database.
I am deciding which technologies to choose for my next project and I've decided that I'd like to use some of the Google Cloud products. I've been reading about Firestore in Native Mode and the idea of developing a web without a server need for CRUD operations seems really interesting.
My problem comes with me wanting to also use Google Recaptcha v3, is there any way to read how trusted an user is using according to Recaptcha v3 in the secutiry rules of Firestore to deny the request if it's, for example, under 2.
Thanks
No, Firestore security rules don't have any access to data from recaptcha. If you want to know something about the end user, you will have to use Firebase Authentication.
There is no information about Google Recaptcha v2 that is automatically included in the Firebase Authentication token for the user, as far as I know. And since the auth token is the only information about the user that is available in security rules (as request.auth), the repatcha information won't be available.
The only way to get that information into the user's token is if you'd add it yourself as a custom claim from one of the Admin SDKs.
My question is if I'm using firebase and I also need to do backend stuff, i.e. send an email to the user, register the user in my database. Then I will also need firebase's admin service account set up to verify the user. Now, can I use my own server to run admin service account or does firebase/Google force me to use Google's app engine?
The Firebase Admin SDK can be run on any server that can run the code.
For example, the Admin SDK for Node.js is just a regular node module. This means it can be run on any node environment: your own server, on App Engine Flex/GCE/GKE/etc, or on the serverless Cloud Functions for Firebase. All work equally fine.